Class: Vault::PersistentHTTP

Inherits:
Object
  • Object
show all
Defined in:
lib/vault/persistent.rb

Defined Under Namespace

Classes: Connection, Error, Pool, TimedStackMulti

Constant Summary collapse

EPOCH =

The beginning of Time

Time.at 0
HAVE_OPENSSL =

Is OpenSSL available? This test works with autoload

defined? OpenSSL::SSL # :nodoc:
VERSION =

The version of PersistentHTTP you are using

'3.0.0'
RETRIED_EXCEPTIONS =

Exceptions rescued for automatic retry on ruby 2.0.0. This overlaps with the exception list for ruby 1.x.

[ # :nodoc:
  (Net::ReadTimeout if Net.const_defined? :ReadTimeout),
  IOError,
  EOFError,
  Errno::ECONNRESET,
  Errno::ECONNABORTED,
  Errno::EPIPE,
  (OpenSSL::SSL::SSLError if HAVE_OPENSSL),
  Timeout::Error,
].compact

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name = nil, proxy = nil, pool_size = Vault::Defaults::DEFAULT_POOL_SIZE, pool_timeout = Vault::Defaults::DEFAULT_POOL_TIMEOUT) ⇒ PersistentHTTP

Creates a new PersistentHTTP.

Set name to keep your connections apart from everybody else’s. Not required currently, but highly recommended. Your library name should be good enough. This parameter will be required in a future version.

proxy may be set to a URI::HTTP or :ENV to pick up proxy options from the environment. See proxy_from_env for details.

In order to use a URI for the proxy you may need to do some extra work beyond URI parsing if the proxy requires a password:

proxy = URI 'http://proxy.example'
proxy.user     = 'AzureDiamond'
proxy.password = 'hunter2'

Set pool_size to limit the maximum number of connections allowed. Defaults to 1/4 the number of allowed file handles. You can have no more than this many threads with active HTTP transactions.



503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
 
# File 'lib/vault/persistent.rb', line 503

def initialize name=nil, proxy=nil, pool_size=Vault::Defaults::DEFAULT_POOL_SIZE, pool_timeout=Vault::Defaults::DEFAULT_POOL_TIMEOUT
  @name = name

  @debug_output     = nil
  @proxy_uri        = nil
  @no_proxy         = []
  @headers          = {}
  @override_headers = {}
  @http_versions    = {}
  @keep_alive       = 30
  @open_timeout     = nil
  @read_timeout     = nil
  @idle_timeout     = 5
  @max_requests     = nil
  @socket_options   = []
  @ssl_generation   = 0 # incremented when SSL session variables change

  @socket_options << [Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1] if
    Socket.const_defined? :TCP_NODELAY

  @pool = PersistentHTTP::Pool.new size: pool_size, timeout: pool_timeout do |http_args|
    PersistentHTTP::Connection.new Net::HTTP, http_args, @ssl_generation
  end

  @certificate        = nil
  @ca_file            = nil
  @ca_path            = nil
  @ciphers            = nil
  @private_key        = nil
  @ssl_timeout        = nil
  @ssl_version        = nil
  @verify_callback    = nil
  @verify_depth       = nil
  @verify_mode        = nil
  @cert_store         = nil

  @generation         = 0 # incremented when proxy URI changes

  if HAVE_OPENSSL then
    @verify_mode        = OpenSSL::SSL::VERIFY_PEER
    @reuse_ssl_sessions = OpenSSL::SSL.const_defined? :Session
  end

  @retry_change_requests = false

  self.proxy = proxy if proxy
end

Instance Attribute Details

#ca_fileObject

An SSL certificate authority. Setting this will set verify_mode to VERIFY_PEER.



295
296
297
 
# File 'lib/vault/persistent.rb', line 295

def ca_file
  @ca_file
end

#ca_pathObject

A directory of SSL certificates to be used as certificate authorities. Setting this will set verify_mode to VERIFY_PEER.



301
302
303
 
# File 'lib/vault/persistent.rb', line 301

def ca_path
  @ca_path
end

#cert_storeObject

An SSL certificate store. Setting this will override the default certificate store. See verify_mode for more information.



307
308
309
 
# File 'lib/vault/persistent.rb', line 307

def cert_store
  @cert_store
end

#certificateObject Also known as: cert

This client’s OpenSSL::X509::Certificate



284
285
286
 
# File 'lib/vault/persistent.rb', line 284

def certificate
  @certificate
end

#ciphersObject

The ciphers allowed for SSL connections



312
313
314
 
# File 'lib/vault/persistent.rb', line 312

def ciphers
  @ciphers
end

#debug_outputObject

Sends debug_output to this IO via Net::HTTP#set_debug_output.

Never use this method in production code, it causes a serious security hole.



320
321
322
 
# File 'lib/vault/persistent.rb', line 320

def debug_output
  @debug_output
end

#generationObject (readonly)

Current connection generation



325
326
327
 
# File 'lib/vault/persistent.rb', line 325

def generation
  @generation
end

#headersObject (readonly)

Headers that are added to every request using Net::HTTP#add_field



330
331
332
 
# File 'lib/vault/persistent.rb', line 330

def headers
  @headers
end

#http_versionsObject (readonly)

Maps host:port to an HTTP version. This allows us to enable version specific features.



336
337
338
 
# File 'lib/vault/persistent.rb', line 336

def http_versions
  @http_versions
end

#idle_timeoutObject

Maximum time an unused connection can remain idle before being automatically closed.



342
343
344
 
# File 'lib/vault/persistent.rb', line 342

def idle_timeout
  @idle_timeout
end

#keep_aliveObject

The value sent in the Keep-Alive header. Defaults to 30. Not needed for HTTP/1.1 servers.

This may not work correctly for HTTP/1.0 servers

This method may be removed in a future version as RFC 2616 does not require this header.



359
360
361
 
# File 'lib/vault/persistent.rb', line 359

def keep_alive
  @keep_alive
end

#max_requestsObject

Maximum number of requests on a connection before it is considered expired and automatically closed.



348
349
350
 
# File 'lib/vault/persistent.rb', line 348

def max_requests
  @max_requests
end

#nameObject (readonly)

A name for this connection. Allows you to keep your connections apart from everybody else’s.



365
366
367
 
# File 'lib/vault/persistent.rb', line 365

def name
  @name
end

#no_proxyObject (readonly)

List of host suffixes which will not be proxied



395
396
397
 
# File 'lib/vault/persistent.rb', line 395

def no_proxy
  @no_proxy
end

#open_timeoutObject

Seconds to wait until a connection is opened. See Net::HTTP#open_timeout



370
371
372
 
# File 'lib/vault/persistent.rb', line 370

def open_timeout
  @open_timeout
end

#override_headersObject (readonly)

Headers that are added to every request using Net::HTTP#[]=



375
376
377
 
# File 'lib/vault/persistent.rb', line 375

def override_headers
  @override_headers
end

#poolObject (readonly)

Test-only accessor for the connection pool



400
401
402
 
# File 'lib/vault/persistent.rb', line 400

def pool
  @pool
end

#private_keyObject Also known as: key

This client’s SSL private key



380
381
382
 
# File 'lib/vault/persistent.rb', line 380

def private_key
  @private_key
end

#proxy_uriObject (readonly)

The URL through which requests will be proxied



390
391
392
 
# File 'lib/vault/persistent.rb', line 390

def proxy_uri
  @proxy_uri
end

#read_timeoutObject

Seconds to wait until reading one block. See Net::HTTP#read_timeout



405
406
407
 
# File 'lib/vault/persistent.rb', line 405

def read_timeout
  @read_timeout
end

#retry_change_requestsObject

Enable retries of non-idempotent requests that change data (e.g. POST requests) when the server has disconnected.

This will in the worst case lead to multiple requests with the same data, but it may be useful for some applications. Take care when enabling this option to ensure it is safe to POST or perform other non-idempotent requests to the server.



480
481
482
 
# File 'lib/vault/persistent.rb', line 480

def retry_change_requests
  @retry_change_requests
end

#reuse_ssl_sessionsObject

By default SSL sessions are reused to avoid extra SSL handshakes. Set this to false if you have problems communicating with an HTTPS server like:

SSL_connect [...] read finished A: unexpected message (OpenSSL::SSL::SSLError)



414
415
416
 
# File 'lib/vault/persistent.rb', line 414

def reuse_ssl_sessions
  @reuse_ssl_sessions
end

#socket_optionsObject (readonly)

An array of options for Socket#setsockopt.

By default the TCP_NODELAY option is set on sockets.

To set additional options append them to this array:

http.socket_options << [Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1]



425
426
427
 
# File 'lib/vault/persistent.rb', line 425

def socket_options
  @socket_options
end

#ssl_generationObject (readonly)

Current SSL connection generation



430
431
432
 
# File 'lib/vault/persistent.rb', line 430

def ssl_generation
  @ssl_generation
end

#ssl_timeoutObject

SSL session lifetime



435
436
437
 
# File 'lib/vault/persistent.rb', line 435

def ssl_timeout
  @ssl_timeout
end

#ssl_versionObject

SSL version to use.

By default, the version will be negotiated automatically between client and server. Ruby 1.9 and newer only.



443
444
445
 
# File 'lib/vault/persistent.rb', line 443

def ssl_version
  @ssl_version
end

#timeout_keyObject (readonly)

Where this instance’s last-use times live in the thread local variables



448
449
450
 
# File 'lib/vault/persistent.rb', line 448

def timeout_key
  @timeout_key
end

#verify_callbackObject

SSL verification callback. Used when ca_file or ca_path is set.



453
454
455
 
# File 'lib/vault/persistent.rb', line 453

def verify_callback
  @verify_callback
end

#verify_depthObject

Sets the depth of SSL certificate verification



458
459
460
 
# File 'lib/vault/persistent.rb', line 458

def verify_depth
  @verify_depth
end

#verify_modeObject

HTTPS verify mode. Defaults to OpenSSL::SSL::VERIFY_PEER which verifies the server certificate.

If no ca_file, ca_path or cert_store is set the default system certificate store is used.

You can use verify_mode to override any default values.



469
470
471
 
# File 'lib/vault/persistent.rb', line 469

def verify_mode
  @verify_mode
end

Class Method Details

.detect_idle_timeout(uri, max = 10) ⇒ Object

Use this method to detect the idle timeout of the host at uri. The value returned can be used to configure #idle_timeout. max controls the maximum idle timeout to detect.

After

Idle timeout detection is performed by creating a connection then performing a HEAD request in a loop until the connection terminates waiting one additional second per loop.

NOTE: This may not work on ruby > 1.9.



245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
 
# File 'lib/vault/persistent.rb', line 245

def self.detect_idle_timeout uri, max = 10
  uri = URI uri unless URI::Generic === uri
  uri += '/'

  req = Net::HTTP::Head.new uri.request_uri

  http = new 'net-http-persistent detect_idle_timeout'

  http.connection_for uri do |connection|
    sleep_time = 0

    http = connection.http

    loop do
      response = http.request req

      $stderr.puts "HEAD #{uri} => #{response.code}" if $DEBUG

      unless Net::HTTPOK === response then
        raise Error, "bad response code #{response.code} detecting idle timeout"
      end

      break if sleep_time >= max

      sleep_time += 1

      $stderr.puts "sleeping #{sleep_time}" if $DEBUG
      sleep sleep_time
    end
  end
rescue
  # ignore StandardErrors, we've probably found the idle timeout.
ensure
  return sleep_time unless $!
end

Instance Method Details

#can_retry?(req) ⇒ Boolean

Is the request req idempotent or is retry_change_requests allowed.

Returns:

  • (Boolean) 


735
736
737
 
# File 'lib/vault/persistent.rb', line 735

def can_retry? req
  @retry_change_requests && !idempotent?(req)
end

#connection_for(uri) ⇒ Object

Creates a new connection for uri



603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
 
# File 'lib/vault/persistent.rb', line 603

def connection_for uri
  use_ssl = uri.scheme.downcase == 'https'

  net_http_args = [uri.host, uri.port]

  net_http_args.concat @proxy_args if
    @proxy_uri and not proxy_bypass? uri.host, uri.port

  connection = @pool.checkout net_http_args

  http = connection.http

  connection.ressl @ssl_generation if
    connection.ssl_generation != @ssl_generation

  if not http.started? then
    ssl   http if use_ssl
    start http
  elsif expired? connection then
    reset connection
  end

  http.read_timeout = @read_timeout if @read_timeout
  http.keep_alive_timeout = @idle_timeout if @idle_timeout

  return yield connection
rescue Errno::ECONNREFUSED
  address = http.proxy_address || http.address
  port    = http.proxy_port    || http.port

  raise Error, "connection refused: #{address}:#{port}"
rescue Errno::EHOSTDOWN
  address = http.proxy_address || http.address
  port    = http.proxy_port    || http.port

  raise Error, "host down: #{address}:#{port}"
ensure
  # Only perform checkin if we successfully checked a connection out
  if connection
    @pool.checkin net_http_args
  end
end

#error_message(connection) ⇒ Object

Returns an error message containing the number of requests performed on this connection



650
651
652
653
654
655
656
657
 
# File 'lib/vault/persistent.rb', line 650

def error_message connection
  connection.requests -= 1 # fixup

  age = Time.now - connection.last_use

  "after #{connection.requests} requests on #{connection.http.object_id}, " \
    "last used #{age} seconds ago"
end

#escape(str) ⇒ Object

URI::escape wrapper



662
663
664
 
# File 'lib/vault/persistent.rb', line 662

def escape str
  CGI.escape str if str
end

#expired?(connection) ⇒ Boolean

Returns true if the connection should be reset due to an idle timeout, or maximum request count, false otherwise.

Returns:

  • (Boolean) 


678
679
680
681
682
683
684
 
# File 'lib/vault/persistent.rb', line 678

def expired? connection
  return true  if     @max_requests && connection.requests >= @max_requests
  return false unless @idle_timeout
  return true  if     @idle_timeout.zero?

  Time.now - connection.last_use > @idle_timeout
end

#finish(connection) ⇒ Object

Finishes the Net::HTTP connection



707
708
709
710
711
712
 
# File 'lib/vault/persistent.rb', line 707

def finish connection
  connection.finish

  connection.http.instance_variable_set :@ssl_session, nil unless
    @reuse_ssl_sessions
end

#http_version(uri) ⇒ Object

Returns the HTTP protocol version for uri



717
718
719
 
# File 'lib/vault/persistent.rb', line 717

def http_version uri
  @http_versions["#{uri.host}:#{uri.port}"]
end

#idempotent?(req) ⇒ Boolean

Is req idempotent according to RFC 2616?

Returns:

  • (Boolean) 


724
725
726
727
728
729
730
 
# File 'lib/vault/persistent.rb', line 724

def idempotent? req
  case req
  when Net::HTTP::Delete, Net::HTTP::Get, Net::HTTP::Head,
       Net::HTTP::Options, Net::HTTP::Put, Net::HTTP::Trace then
    true
  end
end

#normalize_uri(uri) ⇒ Object

Adds “http://” to the String uri if it is missing.



742
743
744
 
# File 'lib/vault/persistent.rb', line 742

def normalize_uri uri
  (uri =~ /^https?:/) ? uri : "http://#{uri}"
end

#pipeline(uri, requests, &block) ⇒ Object

Pipelines requests to the HTTP server at uri yielding responses if a block is given. Returns all responses recieved.

See Net::HTTP::Pipeline for further details.

Only if net-http-pipeline was required before net-http-persistent #pipeline will be present.



757
758
759
760
761
 
# File 'lib/vault/persistent.rb', line 757

def pipeline uri, requests, &block # :yields: responses
  connection_for uri do |connection|
    connection.http.pipeline requests, &block
  end
end

#proxy=(proxy) ⇒ Object

Sets the proxy server. The proxy may be the URI of the proxy server, the symbol :ENV which will read the proxy from the environment or nil to disable use of a proxy. See #proxy_from_env for details on setting the proxy from the environment.

If the proxy URI is set after requests have been made, the next request will shut-down and re-open all connections.

The no_proxy query parameter can be used to specify hosts which shouldn’t be reached via proxy; if set it should be a comma separated list of hostname suffixes, optionally with :port appended, for example example.com,some.host:8080.



789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
 
# File 'lib/vault/persistent.rb', line 789

def proxy= proxy
  @proxy_uri = case proxy
               when :ENV      then proxy_from_env
               when URI::HTTP then proxy
               when nil       then # ignore
               else raise ArgumentError, 'proxy must be :ENV or a URI::HTTP'
               end

  @no_proxy.clear

  if @proxy_uri then
    @proxy_args = [
      @proxy_uri.host,
      @proxy_uri.port,
      unescape(@proxy_uri.user),
      unescape(@proxy_uri.password),
    ]

    @proxy_connection_id = [nil, *@proxy_args].join ':'

    if @proxy_uri.query then
      @no_proxy = CGI.parse(@proxy_uri.query)['no_proxy'].join(',').downcase.split(',').map { |x| x.strip }.reject { |x| x.empty? }
    end
  end

  reconnect
  reconnect_ssl
end

#proxy_bypass?(host, port) ⇒ Boolean

Returns true when proxy should by bypassed for host.

Returns:

  • (Boolean) 


863
864
865
866
867
868
869
870
871
872
873
 
# File 'lib/vault/persistent.rb', line 863

def proxy_bypass? host, port
  host = host.downcase
  host_port = [host, port].join ':'

  @no_proxy.each do |name|
    return true if host[-name.length, name.length] == name or
       host_port[-name.length, name.length] == name
  end

  false
end

#proxy_from_envObject

Creates a URI for an HTTP proxy server from ENV variables.

If HTTP_PROXY is set a proxy will be returned.

If HTTP_PROXY_USER or HTTP_PROXY_PASS are set the URI is given the indicated user and password unless HTTP_PROXY contains either of these in the URI.

The NO_PROXY ENV variable can be used to specify hosts which shouldn’t be reached via proxy; if set it should be a comma separated list of hostname suffixes, optionally with :port appended, for example example.com,some.host:8080. When set to * no proxy will be returned.

For Windows users, lowercase ENV variables are preferred over uppercase ENV variables.



836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
 
# File 'lib/vault/persistent.rb', line 836

def proxy_from_env
  env_proxy = ENV['http_proxy'] || ENV['HTTP_PROXY']

  return nil if env_proxy.nil? or env_proxy.empty?

  uri = URI normalize_uri env_proxy

  env_no_proxy = ENV['no_proxy'] || ENV['NO_PROXY']

  # '*' is special case for always bypass
  return nil if env_no_proxy == '*'

  if env_no_proxy then
    uri.query = "no_proxy=#{escape(env_no_proxy)}"
  end

  unless uri.user or uri.password then
    uri.user     = escape ENV['http_proxy_user'] || ENV['HTTP_PROXY_USER']
    uri.password = escape ENV['http_proxy_pass'] || ENV['HTTP_PROXY_PASS']
  end

  uri
end

#reconnectObject

Forces reconnection of HTTP connections.



878
879
880
 
# File 'lib/vault/persistent.rb', line 878

def reconnect
  @generation += 1
end

#reconnect_sslObject

Forces reconnection of SSL connections.



885
886
887
 
# File 'lib/vault/persistent.rb', line 885

def reconnect_ssl
  @ssl_generation += 1
end

#request(uri, req = nil, &block) ⇒ Object

Makes a request on uri. If req is nil a Net::HTTP::Get is performed against uri.

If a block is passed #request behaves like Net::HTTP#request (the body of the response will not have been read).

req must be a Net::HTTPRequest subclass (see Net::HTTP for a list).

If there is an error and the request is idempotent according to RFC 2616 it will be retried automatically.



920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
 
# File 'lib/vault/persistent.rb', line 920

def request uri, req = nil, &block
  retried      = false
  bad_response = false

  uri      = URI uri
  req      = request_setup req || uri
  response = nil

  connection_for uri do |connection|
    http = connection.http

    begin
      connection.requests += 1

      response = http.request req, &block

      if req.connection_close? or
         (response.http_version <= '1.0' and
          not response.connection_keep_alive?) or
         response.connection_close? then
        finish connection
      end
    rescue Net::HTTPBadResponse => e
      message = error_message connection

      finish connection

      raise Error, "too many bad responses #{message}" if
      bad_response or not can_retry? req

      bad_response = true
      retry
    rescue *RETRIED_EXCEPTIONS => e
      request_failed e, req, connection if
        retried or not can_retry? req

      reset connection

      retried = true
      retry
    rescue Errno::EINVAL, Errno::ETIMEDOUT => e # not retried on ruby 2
      request_failed e, req, connection if retried or not can_retry? req

      reset connection

      retried = true
      retry
    rescue Exception => e
      finish connection

      raise
    ensure
      connection.last_use = Time.now
    end
  end

  @http_versions["#{uri.host}:#{uri.port}"] ||= response.http_version

  response
end

#request_failed(exception, req, connection) ⇒ Object

Raises an Error for exception which resulted from attempting the request req on the connection.

Finishes the connection.

Raises:



987
988
989
990
991
992
993
994
 
# File 'lib/vault/persistent.rb', line 987

def request_failed exception, req, connection # :nodoc:
  due_to = "(due to #{exception.message} - #{exception.class})"
  message = "too many connection resets #{due_to} #{error_message connection}"

  finish connection

  raise Error, message, exception.backtrace
end

#request_setup(req_or_uri) ⇒ Object

Creates a GET request if req_or_uri is a URI and adds headers to the request.

Returns the request.



1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
 
# File 'lib/vault/persistent.rb', line 1002

def request_setup req_or_uri # :nodoc:
  req = if URI === req_or_uri then
          Net::HTTP::Get.new req_or_uri.request_uri
        else
          req_or_uri
        end

  @headers.each do |pair|
    req.add_field(*pair)
  end

  @override_headers.each do |name, value|
    req[name] = value
  end

  unless req['Connection'] then
    req.add_field 'Connection', 'keep-alive'
    req.add_field 'Keep-Alive', @keep_alive
  end

  req
end

#reset(connection) ⇒ Object

Finishes then restarts the Net::HTTP connection



892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
 
# File 'lib/vault/persistent.rb', line 892

def reset connection
  http = connection.http

  finish connection

  start http
rescue Errno::ECONNREFUSED
  e = Error.new "connection refused: #{http.address}:#{http.port}"
  e.set_backtrace $@
  raise e
rescue Errno::EHOSTDOWN
  e = Error.new "host down: #{http.address}:#{http.port}"
  e.set_backtrace $@
  raise e
end

#shutdownObject

Shuts down all connections

NOTE: Calling shutdown for can be dangerous!

If any thread is still using a connection it may cause an error! Call #shutdown when you are completely done making requests!



1033
1034
1035
1036
1037
 
# File 'lib/vault/persistent.rb', line 1033

def shutdown
  @pool.available.shutdown do |http|
    http.finish
  end
end

#ssl(connection) ⇒ Object

Enables SSL on connection



1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
 
# File 'lib/vault/persistent.rb', line 1042

def ssl connection
  connection.use_ssl = true

  connection.ciphers     = @ciphers     if @ciphers
  connection.ssl_timeout = @ssl_timeout if @ssl_timeout
  connection.ssl_version = @ssl_version if @ssl_version

  connection.verify_depth = @verify_depth
  connection.verify_mode  = @verify_mode

  if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
     not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
    warn <<-WARNING
                           !!!SECURITY WARNING!!!

The SSL HTTP connection to:

#{connection.address}:#{connection.port}

                         !!!MAY NOT BE VERIFIED!!!

On your platform your OpenSSL implementation is broken.

There is no difference between the values of VERIFY_NONE and VERIFY_PEER.

This means that attempting to verify the security of SSL connections may not
work.  This exposes you to man-in-the-middle exploits, snooping on the
contents of your connection and other dangers to the security of your data.

To disable this warning define the following constant at top-level in your
application:

I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil

    WARNING
  end

  connection.ca_file = @ca_file if @ca_file
  connection.ca_path = @ca_path if @ca_path

  if @ca_file or @ca_path then
    connection.verify_callback = @verify_callback if @verify_callback
  end

  if @certificate and @private_key then
    connection.cert = @certificate
    connection.key  = @private_key
  end

  connection.cert_store = if @cert_store then
                            @cert_store
                          else
                            store = OpenSSL::X509::Store.new
                            store.set_default_paths
                            store
                          end
end

#start(http) ⇒ Object

Starts the Net::HTTP connection



689
690
691
692
693
694
695
696
697
698
699
700
701
702
 
# File 'lib/vault/persistent.rb', line 689

def start http
  http.set_debug_output @debug_output if @debug_output
  http.open_timeout = @open_timeout if @open_timeout

  http.start

  socket = http.instance_variable_get :@socket

  if socket then # for fakeweb
    @socket_options.each do |option|
      socket.io.setsockopt(*option)
    end
  end
end

#unescape(str) ⇒ Object

URI::unescape wrapper



669
670
671
 
# File 'lib/vault/persistent.rb', line 669

def unescape str
  CGI.unescape str if str
end